Debiosk - Why no shell?
Debiosk does not allow people to gain shell access. Virtual terminals have been disabled, xterm is not installed and sudo has been deactivated.
If someone gets a shell, they can do pretty much whatever they want with the machine. Debian includes perl for their package manager suite, and whatever perl can do someone also can also do - but only if they have a shell! Sudo is not functional on a debiosk machine, so even if someone had a shell they could theoretically not gain root privaleges (except in the case of kernel exploits), but having a shell on a public kiosk machine means that more than a few things are possible.
With a shell, someone can do some of the following things:
- Wage electronic attacks against other networks
- Modify the Debiosk, and potentially steal sensitive information belonging to whomever uses it next
- Gain elevated privileges
- Rootkit the machine
Nevertheless, as is the nature of Live CDs, if someone gains a shell the changes made (if any) will not carry over after a system reboot.